Please see the included readme for detailed instructions and warnings.

For the WL-520GU, try renaming tomato-ND.trx to WL520gu_2.0.0.9_EN.trx and upgrade as usual.

Note: If you're using a Motorola router, install the original firmware first.
See the included readme for additional information.

Note: If you're using the DD-WRT firmware, please see the information below
about password incompatibility.

Open the router's GUI in your browser, use the same procedure as upgrading a
firmware, pick a Tomato firmware file that is appropriate for your router,
and "upgrade." If you can't find a file to exact match for your router (and
your router is supported by Tomato -- check!), *choose any* of the file. You
can also try renaming the .TRX file to .BIN to see if that helps. Don't worry,
the header/signatures are different for each file, but the are exactly the same
when installed.

Please see the included readme also.

Important: Make sure the firmware you are going to use is the correct type for
your router. Tomato will accept WRT54G/GL, WRT54GS, WRT54GSv4, WRTSL54GS, WR850G
and TRX types of files, but it cannot check if the firmware actually supports
your router.

Open Tomato's GUI in your browser, go to Administration/Upgrade, select the file
and click the Upgrade button.

Yes. It uses the Linux kernel and most of the utilities provided in Linksys'
WRT54GL source code as a starting point. Besides the visible GUI change, a lot
of the code inside has also undergone extensive changes to add new features, fix
problems, optimize and reduce the size.

Make sure you're entering the username "admin" or "root". Unlike the Linksys
firmware, they are required in Tomato.

If you're upgrading from the DD-WRT firmware, telnet into the router *before*
upgrading and type "nvram get http_passwd". The result will be your password in
Tomato. This is necessary because of a change in DD-WRT's way of using the
standard http_passwd variable.

If you have a Buffalo router or a Linksys with a pushable Cisco logo, push the
AOSS/Cisco button for at least 20 seconds, then telnet into the router on
port 233. Type "nvram get http_passwd" to retrieve the password or "nvram set
http_passwd='your_new_password'" followed by "nvram commit" to set it manually.
Reboot the router using the command "reboot" after using this method.

If nothing else works, push the reset button for a few seconds to reset all of
the settings. The default password after resetting is "admin".

If you're upgrading from an older version of Tomato, you don't need to perform
a reset. Unless indicated in the release notes, Tomato will automatically
upgrade older configurations if necessary.

If you upgraded from another firmware, a complete reset is recommended. Go to
Administration/Configuration and select "Erase all NVRAM..." after installing
Tomato.

Unless it's specifically for Tomato, probably not. The popular one
floating around with several "echo xxx > xxx" lines is for an older version
of HyperWRT and not necessary in Tomato.

The default maximum connections in Tomato is 4096. The default established
timeout value (the infamous "5 day" value) is 4 hours. You can change these
values in Advanced/Conntrack if you like.

Verify that hostname is valid (Basic/Identification).

Go to Advanced/DHCP and try enabling "Reduce Packet Size".

If you disabled NAT Loopback in Advanced/Firewall, try enabling it.

Try releasing -then- renewing the lease from your computer. In Windows, you can type "ipconfig /release" followed by "ipconfig /renew" from the command line.

Check your if your wireless card has an updated driver available. Some notebook manufacturers customize the drivers, so check their site first.

If you have an HP + Intel 2200BG, the following reportedly fixes a disconnect problem:
hp.com

Free memory is often used temporarily for cache and is automatically freed when
needed. If you want the free memory display to count the cache size as free memory,
go to Administration/Debugging. But unless you're getting error messages about
not having enough memory, don't worry about it.

This is probably more commonly known to some as Samba or Windows Shared Folders
or the "\\machine\share" thing. It's used to make a drive from a computer or
device accessible from within the router.

Use an IP address. ex: \\192.168.1.5\share

Use a regular account that requires username/password instead of a guest account.

Make sure the account has read/write permission.

Make sure NAT Loopback is enabled in Advanced/Firewall.

It's a filesystem that is used to turn an unused portion of the router's NVRAM
into a writable space.

Note: The CFE and config areas are constant in size, but the firmware size may change
when you upgrade. Because of this, the unused portion used by JFFS2 may also
shrink or expand, erasing the data in the JFFS2. Always backup your data before
upgrading.

It's a directory that is accessible/writable from within the router. Examples:
"/tmp/", "/cifs1/mystuff/" (if you mounted a drive). Windows "C:\directory\"
should not be used. If you want to save the data to your computer's hard drive,
use CIFS.

Some settings are saved in the browser as cookies, so make sure your browser is
not set to erase these cookies.

Opera users should try using the router's hostname (http://hostname/) when
accessing the router's GUI since Opera doesn't seem to save cookies when using
an IP address.

If you're using Firefox or Opera, upgrade to the latest version. If you're using
Internet Explorer, you need to install the
Adobe SVG Viewer.
If you're using Safari, install the latest Safari 3.

Note: Having a browser that has SVG support doesn't necessarily mean you will be able to view the graphs. Some implementations may be good for displaying simple static SVG, but may not support all features needed by Tomato.

Inside or outside of the DHCP range will work, but it's probably better to use
an address outside of the range so it doesn't get in the way.

Use static DHCP in Basic/Static DHCP. If you don't want to use static DHCP,
you can still use the page by entering 00:00:00:00:00:00 as the MAC address.

Names that have a dot, like "foo.lan", are treated as regular domain names.
Undotted names like "foo" use the router's domain name. Multiple names may be entered by separating them with spaces (foo1 foo2).

The hostnames should work on all computers connected to the LAN as long as the
router's DNS forwarder is used (the default setting). They will not work from
the Internet side.

The most common setup is to simply use a straight port forwarding like the
following examples:

When my computer stops using all of the ports, the forwarding automatically
stops after a few minutes.

Firewall Protection -- Firewall is always enabled in Tomato.

Block Anonymous Internet Requests, Filter Multicast, Filter Internet
NAT Redirection -- Reversed and renamed to "Respond to Inbound Ping",
"Allow Multicast" and "NAT Loopback" since these are closer to what they actually do.

Filter IDENT -- Not supported, but you can use Access Restriction to block
destination port 113.

Block Active X, Java, P2P -- Use Access Restriction.

Block Cookies, Port Scan -- Not supported.

These options are not supported in Tomato. They are actually labeled a little
bit incorrectly in Linksys' firmware: When disabled, ports are blocked. When
enabled, they did nothing.

If it worked before with the Linksys firmware when the "passthrough" was enabled,
they should work fine under Tomato without any additional settings.

No. In Tomato, these buttons are assigned to be wireless on/off switches by
default. They can also be configured to do other tasks like running a custom
script.

Reports indicate yes on both platforms. AOSS-based setup is not supported.

Check with your DDNS provider's help pages for the exact format. It's the
same type of URL that you can enter in your regular web browser.

Notes:

The keyword @IP can be used if you need to insert the current WAN IP address.

Basic authentication can be entered using the "http://username:password@domain/" notation.

POST requests are not supported.

You can use "standard Linux commands." Google to find a list of the most common
ones. But keep in mind that only a few are included and most are simplified
Busybox versions.

Some interesting utilities to play with: wl, nvram, ttcp, iptables, top

The startup script runs at startup or when the router is soft-restarted.

The shutdown script runs when the router is shutdown, rebooted, or
soft-restarted.

The firewall script runs after setting up the firewall/iptables rules which
means it will run after the WAN is connected and whenever there are changes to
the configuration that affect the firewall.

The WAN UP script runs when the WAN is connected.

The SES/AOSS scripts run when the SES or AOSS buttons are pushed.
The first argument passed to this script is the number of seconds the button was
held.

The Auto/Bridge script, which is only in Buffalo routers, runs whenever a
change in the auto/bridge switch at the bottom of the router is detected. It
will also run at startup so the initial position can be read (see example on
how to avoid running at startup). The first argument passed to this script are
the words "auto" or "bridge".

The startup script actually runs ahead of some services. Things that involve
networking, for example, are not going to be up yet when the startup script
begins. To work around this, use "sleep 5" or a similar command to wait until
what you need is up and running. Better yet, consider putting the script in
other areas like the firewall script where you're assured that the network is
ready.

If you'd rather do this manually: Tomato uses Busybox's crond implementation
which doesn't use the same files as the ones found in DD-WRT or HyperWRT (Vixie).
The cron file is in /var/spool/cron/crontabs/root.

It's a text from the URL. More specifically, from the hostname, path and query
parts of a URL:

http://hostname:port/path?query

Multiple words can be entered by using spaces or new lines:

word1 word2
word3

These are treated as an "OR" expression: "If word1 OR word2 OR word3 matches, block."

Some limitations: Hostname is a separate string from path?query (path and query
are considered as one string), so you can't use "domain.com/path". Others, like
the POST data, or the content of the requested pages are not checked. Escaped
characters are not decoded.

Once you configure #2, you can hook up wired computers on it or use it as a
second AP to extend your LAN's wireless range. As long as you configure your
notebook not to stick to a single MAC address, it should switch automatically
to the strongest signal as you move around.

You can chain several more routers this way by changing the WDS' MAC address field.

#1 --- #2 --- #3
#1
/ \
/ \
#2 #3

But avoid creating loop or a situation where there are multiple paths.

#1
/ \
/ \
#2 ---- #3
#1
/ \
/ \
#2 #3
\ /
\ /
#4

If you have to do this for link redundancy, try enabling STP in Advanced/Routing
to avoid problems.

Try setting the security setting to WPA Personal on both ends.

This is a tough one to answer since it depends on what you need. But in most
cases, simply entering 90% of your maximum upload speed in QOS/Basic, putting
your VOIP device's (if you use one) MAC address on "Highest" and on the top of
the classification list, and leaving everything else as-is will get you up and
running quickly. If you need a more complex setup, check one of the Linksys
forums for more examples or additional help.

Whenever your computer opens a connection to the Internet, the router will try
to determine what "class" it should be in by following the "rules" in the
QOS/Classification page. A "class" is basically a group rate and speed limit
as set in QOS/Basic Settings.

Here's a detailed explanation of the default rules in QOS/Classification:

#1: WWW
Class: High
TCP Dst Port: 80,443
Transferred: 0 - 512KB

Connections that have a destination port of 80 or 443 (outbound; 80 is the
standard HTTP/WWW port, 443 is the standard HTTPS port), and have transferred
LESS than 512 KB of data (outbound / upload) are put in the "High" class.

This makes web browsing a priority, as long as we're not uploading a big file.

#2: WWW (512K+)
Class: Low
TCP Dst Port: 80,443
Transferred: 512KB+

Connections that have a destination port of 80 or 443 (same as rule #1), and
have transferred MORE than 512 KB of data (outbound) are put in the "Low" class.

This makes sure long browser uploads do not monopolize the bandwidth. It
also makes sure other applications that may use the same ports, like P2P, do
not hog the bandwidth.

#3: DNS
Class: Highest
TCP/UDP Dst Port: 53
Transferred: 0 - 2KB

Connections that have a destination port of 53 (outbound), and have transferred
less than 2 KB of data (outbound / upload) are put in the "Highest" class.

This makes DNS lookup a priority.

#4: DNS (2K+)
Class: Lowest
TCP/UDP Dst Port: 53
Transferred: 2KB+

Connections that have a destination port of 53 (same as rule #3), and
have transferred more than 2 KB of data (outbound) are put in the "Lowest"
class.

This makes sure other applications that may use the same ports, like P2P, do
not hog the bandwidth.

#5: Bulk Traffic
Class: Lowest
TCP/UDP Dst Port: 1024-65535

Connections that have a destination port of 1024 to 65535 are put in the
"Lowest" class.

High port numbers are often used for non-essential services like P2P, so this
puts them in the "Lowest" class.

And finally... Ports 1 to 1023, which doesn't match any of the rules above, are
set to the default (see QOS/Basic Settings) "Low" class.

Additional notes:

The rules are evaluated top to bottom, as shown in the GUI. The *first* one that
matches sets the class.

#2, #4, #5 set the class permanently since once they match, there's no
possible change left to expect. #1 and #3 set the class temporarily since
changes to bytes transferred may go beyond the specified limit.

Connections that travel from your computer directly to the router (the endpoint
is the router) are never classified. Connections that travel from the Internet
to your computer or router, but not the other way around are also not classified.

Send as much information as you can, including steps on how to reproduce
the problem, "nvram show", logs, caps or other files (see Administration/Debugging)
if you think it would help. You can send it to
.

You can send it to the same email address above. But please understand that I cannot
implement all suggestions that I receive. And please keep the suggestions within
Tomato's "small and simple" theme. :)